Low-risk ‘worm’ removed at hacked South Korea nuclear operator

South Korean authorities have found evidence that a low-risk computer “worm” had been removed from devices connected to some nuclear plant control systems, but no harmful virus was found in reactor controls threatened by a hacker.

Korea Hydro & Nuclear Power Co Ltd said it would beef up cyber security by hiring more IT security experts and forming an oversight committee, as it came in for fresh criticism from lawmakers following recent hacks against its headquarters.

The nuclear operator, part of state-run utility Korea Electric Power Corp, said earlier this month that non-critical data had been stolen from its systems, while a hacker threatened in Twitter messages to close three reactors.

The control systems of the two complexes housing those reactors had not been exposed to any malignant virus, Seoul’s energy ministry and nuclear watchdog said in a joint statement on Tuesday, adding the systems were inaccessible from external networks.

Energy Minister Yoon Sang-jick told a parliamentary session that evidence of the presence and removal of a “worm” – which the ministry said was probably inadvertently introduced by workers using unauthorized USB devices – was unrelated to the recent hacking incidents, drawing scepticism from some lawmakers.

“I doubt control systems are perfectly safe as said,” Lee Jung-hyun, a lawmaker in the ruling Saenuri party, told the committee hearing.

Worries about nuclear safety in South Korea, which relies on nuclear reactors for a third of its power and is the world’s fifth-largest nuclear power user, have mounted since the 2011 Fukushima disaster in Japan and a domestic scandal in 2012 over the supply of reactor parts with fake security certificates.

“We will prepare fundamental improvement measures by enhancing nuclear power’s safe operation and hiking information security systems to the highest level following this cyber attack case,” Korea Hydro and Nuclear Power said in a statement.

Seoul prosecutors have not ruled out possible involvement of North Korea in the cyber attack on the nuclear operator, which Pyongyang has denied.

Korea Hydro and Nuclear Power President and CEO Cho Seok told the hearing that all control systems of the country’s 23 nuclear reactors were safe against malignant codes. On Sunday, he said that cyber attacks on non-critical operations at the company’s headquarters were continuing, although he did not elaborate for security reasons.

The nuclear plant operator said on Tuesday it was increasing the number of staff devoted to cyber security from 53 to around 70, and would set up a committee of internal and external experts to oversee security.

Chun Soon-ok of the opposition New Politics Alliance for Democracy party said: “The government’s nuclear power policies have lost people’s trust and whatever broke out only makes people concerned more.”